Overview

• In a new blog post, Google called reports that it sent an emergency alert to all Gmail users "entirely false."
• Google said its protections continue to block more than 99.9% of phishing and malware attempts from reaching inboxes.
• Earlier coverage linked the activity to ShinyHunters and a Salesforce‑hosted system containing company and contact information rather than account credentials.
• Reporting indicates Google notified affected organisations directly rather than issuing a blanket notice to the entire user base.
• The company urges users to adopt passkeys and follow phishing‑avoidance guidance, steering away from weaker SMS‑based two‑factor authentication.